Prevent hard check on token expiration when calling token refresh endpoint #102

Open: wants to merge 1 commit into base: master

dannosaur

The refresh endpoint shouldn't have a hard check on token expiration since we're allowing for tokens to be refreshed beyond the expiration up to a given delta. The current functionality prevents a refresh from ever occurring, causing the refresh endpoint to also respond with a 401, thus ending the user's session.

This fix bubbles verify_exp=False from the refresh serializer down to jwt_decode to prevent it from raising an ExpiredSignature exception when attempting to refresh an otherwise valid token, as allowed by the settings.

Fixes #25

Successfully merging this pull request may close these issues.

Refresh Token Issue